Enable or disable Internet Connection Sharing with Group Policy

You can use this procedure to enable or disable Internet Connection Sharing (ICS).

ICS allows a computer that is connected to both a private and public network to share access to the public network with all computers on the private network. In an enterprise environment where you want to control access to the public network, you can disable ICS on all other computers to reduce the risk of unmanaged access to the public network.

If you disable ICS on a computer, the following results occur:

The ICS service cannot be started or configured.

The Advanced tab in the Connection Properties dialog box is removed.

The Internet Connection Sharing page is removed from the New Connection page.

The Network Setup page is disabled.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

If you move the computer to a different Domain Name System (DNS) domain after applying or refreshing the Group Policy setting, the change will not take effect until the Group Policy setting is refreshed again.

If you edit policy settings locally on a computer, you will affect the settings on only that one computer. If you configure the settings in a Group Policy object (GPO) hosted in an Active Directory domain, then the settings apply to all computers that are subject to that GPO. For more information about Group Policy in an Active Directory domain, see Group Policy (http://go.microsoft.com/fwlink/?LinkId=55625).